ENS National Security Scheme Audit
As a CISA auditor (Certified Information Systems Auditor) certified by ISACA, I carry out audits of the National Security Scheme (ENS). Remember that the ENS is applicable to State Administrations, Autonomous Communities and Entities of the Local Administration. It also applies to public-law entities dependent on the above, to citizens in their relations with Public Administrations, to relations between different public administrations, and to private-sector operators that provide services or solutions to public entities.
The ENS aims to establish the security policy for the use of electronic means. Its main elements are the following:
The basic principles to consider in security decisions.
The minimum requirements that allow adequate protection of information.
The mechanism to achieve compliance with the basic principles and minimum requirements by adopting security measures proportionate to the nature of the information and services to be protected.
Electronic communications.
The security audit.
The response to security incidents.
Security certification.
Compliance.
In ISO 27001 there are three dimensions of security:
Confidentiality, which preserves the information so that it is only accessible or known by those who have authorization to do so.
Integrity, which preserves the information so that it is only altered by those who have authorization to do so. An extreme case is the suppression of information.
Availability, which guarantees that the information is accessible during the agreed period, normally through a service level agreement (SLA / ANS). It is usually a dimension associated with the services that process the information.
The National Security Scheme adds two additional dimensions to these three:
Authenticity, which guarantees that whoever carries out a procedure is really who they say they are or, from the point of view of the information, guarantees that it is authentic.
Traceability, which ensures that all the procedures carried out are recorded, indicating who did them and at what precise moment or, from the point of view of the information, making it possible to verify afterwards who has accessed or modified it, and when.